bugsy2334 Posted June 14, 2008

I currently have my images directory, as well as a couple other directories set to chmod 777. I do not feel comfortable with this security level. I'd really like to set the permissions to a maximum of 755. The problem is that whenever I do this, I get an error saying "Error: Catalog images directory is not writeable: /usr/local/apache2/htdocs/images/". I know this has something to do with the user that php is using, but I don't know how to correct it. I searched the forums, and found some posts relating to this issue, but none of them said exactly how to resolve the issue. I appreciate the help.

germ Posted June 14, 2008

I had the same problem. I was told by a very astute and reliable member here it's because they don't have the server set up properly.

What I did was install a contribution called "osC Filebrowser". How that works is you upload images via FTP or your Web host's Cpanel. Then when you add/change categories in your admin, a window pops up and lets you pick images from the images folder.

That was my "work around". :blush:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.
"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -

bugsy2334 Posted June 14, 2008

Thanks for the reply. However, I would much rather just set the server up properly. It's not just the images folder that I'm having this issue with, it's any folder that requires data to be written to it. Thanks.

germ Posted June 14, 2008

Here's what I was told (for what it's worth):

Your server is running PHP as a module as opposed to as a CGI with phpSuExec. Your set up requires permissions of 777 whereas the CGI/phpSuExec set up doesn't allow 777 at all but has a maximum of 755 permissions (read/write/execute by you, read/execute by everyone else). In short to have working 755 folders you would need the host to change the set up.

bugsy2334 Posted June 14, 2008

Alright, I think I figured it out. I had to change the user and group ownership so that it matched the user/group that php or the apache server was running as. I used chown to change ownership of the folders that I needed to be able to write to using php. Thanks.

cannuck1964 Posted August 19, 2008

For those people who are having issues / concerns here.

The biggest issue here is that people can upload scripts which then can be used to insert code into other folders/files. Here is a simple fix (not as good as the 755 method) that will stop applications from RUNNING in the folder (there should not be scripts in the image folder anyways).

    # stop scripts from running from the folder
    IndexIgnore *
    Options All -Indexes
    # Secure directory by disabling script execution
    AddHandler cgi-script .php .php2 .php3 .php4 .php5 .php6 .php7 .php8 .pl .py .jsp .asp .htm .html .shtml .sh .cgi
    Options -ExecCGI
    # Don't show this file, that would be bad as well!
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>

Step 1 is to create a new htaccess file.
Step 2 upload this file into the images folder and cache (if you use the SEO urls)

This is not my work ( linked from here : http://forum.joomla.org/viewtopic.php?f=267&t=288032 ) but might be more help for those having this as an issue.

cheers,
Peter

Peter McGrath

Remulon Posted February 26, 2009

> Alright, I think I figured it out. I had to change the user and group ownership so that it matched the user/group that php or the apache server was running as. I used chown to change ownership of the folders that I needed to be able to write to using php. Thanks.

bugsy, I am having the same problem with my folder permissions being 777. Can you elaborate a little more on how you used CHOWN to resolve your situation? Did you CHOWN nobody:nobody /images or something to that extent? I know that my PHP is running as user "nobody".

Can anyone see any problems with setting these folders' permissions like this? Will anyone still be able to upload phishing files and the like to these folders?

germ Posted February 27, 2009

Running with a web accessible folder at 777 permissions is "bad". The .htaccess file in this post is a "band-aid". If it works "as advertised" it stops scripts from RUNNING.

So... Hackers could still upload hacking scripts, but if they can't RUN them they don't hurt anything (other than take up space). You'd just periodically have to clean them out (if you think that is even necessary).

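The periodic clean-out mentioned above can start from a listing of what does not belong in an images directory. This is an added example, not code from any poster in this thread: it reports files whose names carry an extension from the AddHandler line of the .htaccess posted earlier, plus files of any name that contain a PHP open tag. The function names and the usage path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Extensions copied from the AddHandler line of the .htaccess in this thread.
SCRIPT_EXTS='php php2 php3 php4 php5 php6 php7 php8 pl py jsp asp htm html shtml sh cgi'

# Print files under $1 that carry one of those extensions anywhere after the
# first dot, so "photo.php.jpg" is reported as well as "photo.php".
find_by_name() {
    find "$1" -type f | while IFS= read -r f; do
        rest=$(printf '%s' "${f##*/}" | tr 'A-Z' 'a-z')
        while [ "${rest#*.}" != "$rest" ]; do
            rest=${rest#*.}
            case " $SCRIPT_EXTS " in
                *" ${rest%%.*} "*) printf '%s\n' "$f"; break ;;
            esac
        done
    done
}

# Print files under $1 that contain a PHP open tag, whatever they are named.
find_by_content() {
    grep -rl -e '<?php' "$1" 2>/dev/null
}

# Union of both checks, one path per line, for review before deleting anything.
sweep_uploads() {
    { find_by_name "$1"; find_by_content "$1"; } | sort -u
}

# Usage: sh sweep.sh /usr/local/apache2/htdocs/images
if [ "$#" -eq 1 ]; then sweep_uploads "$1"; fi
```

The content check matters because a file can keep an image extension and still hold script text; the name check alone would miss it.
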
Remulon Posted February 27, 2009

Yeah, I think I am going to use a combination of both methods for the time being, until I find a better solution. For those who are new to this thread, "both methods" are the .htaccess file above, and the method I proposed on page 3 of this thread.

That way, hackers only have very small windows where they can upload scripts into my folders, and they can't run them anyway.

Caggzer Posted September 8, 2010

> For those people who are having issues / concerns here.
>
> The biggest issue here is that people can upload scripts which then can be used to insert code into other folders/files. Here is a simple fix (not as good as the 755 method) that will stop applications from RUNNING in the folder (there should not be scripts in the image folder anyways).
>
>     # stop scripts from running from the folder
>     IndexIgnore *
>     Options All -Indexes
>     # Secure directory by disabling script execution
>     AddHandler cgi-script .php .php2 .php3 .php4 .php5 .php6 .php7 .php8 .pl .py .jsp .asp .htm .html .shtml .sh .cgi
>     Options -ExecCGI
>     # Don't show this file, that would be bad as well!
>     <Files .htaccess>
>     order allow,deny
>     deny from all
>     </Files>
>
> Step 1 is to create a new htaccess file.
> Step 2 upload this file into the images folder and cache (if you use the SEO urls)
>
> This is not my work ( linked from here : http://forum.joomla.org/viewtopic.php?f=267&t=288032 ) but might be more help for those having this as an issue.
>
> cheers,
> Peter

Hi

So I copy and paste the code above into a BLANK .htaccess document and upload into the images directory??????

Gareth

♥FWR Media Posted September 8, 2010

I wouldn't touch php as a CGI or suPHP with a large stick. In my opinion it is extremely slow, unnecessary and to the individual account holder can actually cause more hack problems than it solves.

For those with a dedicated server or VPS I would always recommend PHP as an apache module ( DSO ).

PHP as a CGI and suPHP are a benefit however to the owners of servers that are offering bucket hosting.

MrPhil Posted September 8, 2010

The basic problem here is that the server is configured such that PHP runs under a user ID that is either in the same "group" as the owner, or is something else entirely (is in "other/world"). For osC (running PHP) to write to a directory, you must grant write permission (7 instead of 5): 775 or 777 as the case may be. 775 isn't too bad of a security risk, but 777 is awful on a shared server. You can temporarily change a directory to 777, do your upload, and then change it back to 755, but that can get real old real fast if you upload frequently. See my sig > FAQs > Proper Permissions.

Perhaps someone can look into an add-on that lets you upload images or whatever via FTP, and then run the rest of the "upload" script (minus the actual uploading) to load the database.

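The ownership fix bugsy2334 describes and the owner/group/other reasoning in MrPhil's post can be checked from a shell. This is an added example, not code from any poster in this thread: it lists world-writable directories, reports which permission class lets a given account write to a directory, and resets a tree to 755/644 after handing it to the account PHP runs as. The function names and the usage path are assumptions, and chown to a different account requires root.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# List directories under $1 that every local account can write to (o+w, e.g. 777).
list_world_writable() {
    find "$1" -type d -perm -0002 -print
}

# Print which permission class lets account $2 write to directory $1:
# "owner", "group", "other", or "none". (root bypasses these bits.)
write_path() {
    uid=$(id -u "$2" 2>/dev/null) || uid=$2    # unknown name: treat as numeric uid
    gids=$(id -G "$2" 2>/dev/null) || gids=""
    info=$(ls -ldn "$1") || return 1           # fields: mode, links, uid, gid, ...
    mode=$(echo "$info" | awk '{print $1}')
    owner=$(echo "$info" | awk '{print $3}')
    group=$(echo "$info" | awk '{print $4}')
    class=other col=9                          # column of the "w" in drwxrwxrwx
    for g in $gids; do
        if [ "$g" = "$group" ]; then class=group col=6; fi
    done
    if [ "$owner" = "$uid" ]; then class=owner col=3; fi
    if [ "$(echo "$mode" | cut -c"$col")" = w ]; then echo "$class"; else echo none; fi
}

# Hand the tree at $1 to account $2 (the one PHP runs as), then set
# directories to 755 and files to 644. chown to another account needs root.
own_and_tighten() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    chown -R "$2" "$1" || return 1
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Usage: sh perms.sh /usr/local/apache2/htdocs/images nobody
if [ "$#" -eq 2 ]; then
    echo "before: $(write_path "$1" "$2")"
    list_world_writable "$1"
    own_and_tighten "$1" "$2" && echo "after: $(write_path "$1" "$2")"
fi
```

A result of "other" before the change and "owner" after it is the difference between the 777 setup and the 755 setup discussed in this thread.
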
pick1e Posted September 9, 2010

> What I did was install a contribution called "osC Filebrowser". How that works is you upload images via FTP or your Web host's Cpanel. Then when you add/change categories in your admin, a window pops up and lets you pick images from the images folder.

Thanks for this suggestion. oscFileBrowser will work for me too. I've spent the last couple of days trying to install suPHP, only to kill my server, reprovision, and restore backups :) I decided that not being a linux guru I'd just go this route and it works great.

--------------------------------
Justin
osC is awesome. Thanks everyone.

Denisse Posted October 18, 2011

> Thanks for this suggestion. oscFileBrowser will work for me too. I've spent the last couple of days trying to install suPHP, only to kill my server, reprovision, and restore backups. I decided that not being a linux guru I'd just go this route and it works great.

Hi Justin!

I have the same problem, and I have been a couple of days already trying everything and nothing seems to work.... I downloaded the oscFileBrowser, but now I do not know how to install it. Could you please help me with this? Do I need to change something in the OSC configuration?

Thank you

Denisse Posted October 18, 2011

Can anyone help me? How can I change to 755?

Thank you

MrPhil Posted October 19, 2011

Use your hosting service's control panel > File Manager to change permissions. Most servers these days are set up to ignore chmod requests by FTP clients. If you're on a Windows server, there is no "chmod" command under that name, but you can turn "Read Only" on and off for various groups (you want Read Write for yourself and possibly PHP, while everyone else sees Read Only).

Archived
This topic is now archived and is closed to further replies.